<?php
/**
 * Created by IntelliJ IDEA.
 * User: jimmyhsu
 * Date: 2017/3/31
 * Time: 16:19
 */
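date_default_timezone_set("Asia/Shanghai");

// Attendance check-in endpoint: verifies the posted credentials, then redeems a
// short-lived token (valid for 120 seconds after release_time) and records
// attendance for the token's course.
//
// Output contract (unchanged): "success" when attendance is recorded, "err1"
// when the attendance insert fails, "err2" when the token is missing/expired,
// and no output at all when the credentials do not match.

// All three fields are request-controlled. They are only ever passed to the
// database as bound parameters below, never spliced into SQL text.
$username = $_POST['username'] ?? null;
$password = $_POST['password'] ?? null;
$token = $_POST['token'] ?? null;

// conn.php is expected to provide $cn, the mysqli connection used below.
include ("../Teacher/db/conn.php");

// Step 1: credential check. Non-string input (missing field, array-valued
// parameter) is treated as a failed login instead of reaching md5()/SQL.
$authenticated = false;
if (is_string($username) && is_string($password)) {
    // NOTE(review): unsalted MD5 is not a suitable password hash. It is kept
    // here only because the stored values in userinfo.password use it; moving
    // to password_hash()/password_verify() needs a data migration.
    $passwordHash = md5($password);

    $stmt = mysqli_prepare($cn, "select 1 from userinfo where name=? and password=?");
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, "ss", $username, $passwordHash);
        if (mysqli_stmt_execute($stmt)) {
            // Buffer the result so the row count is available.
            mysqli_stmt_store_result($stmt);
            $authenticated = mysqli_stmt_num_rows($stmt) > 0;
        }
        mysqli_stmt_close($stmt);
    }
}

if ($authenticated) {
    // Step 2: look up a token for this user that is still inside its
    // 120-second validity window.
    $courseId = null;
    $tokenValid = false;
    if (is_string($token)) {
        $now = time();
        $stmt = mysqli_prepare(
            $cn,
            "select course_id from token where message=? and name=? and release_time+120>?"
        );
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, "ssi", $token, $username, $now);
            if (mysqli_stmt_execute($stmt)) {
                mysqli_stmt_bind_result($stmt, $courseId);
                // true only when a row was actually fetched (null = no rows, false = error).
                $tokenValid = mysqli_stmt_fetch($stmt) === true;
            }
            mysqli_stmt_close($stmt);
        }
    }

    if ($tokenValid) {
        // Step 3: consume the token so it cannot be redeemed again.
        // NOTE(review): the select above and this delete are separate
        // statements, so single use is not enforced atomically; checking the
        // delete's affected-row count before inserting would close that gap.
        $stmt = mysqli_prepare($cn, "delete from token where message=? and name=?");
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, "ss", $token, $username);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }

        // Step 4: record attendance for today's date (Asia/Shanghai).
        $courseValue = (string) $courseId;
        $today = date("Y-m-d");
        $recorded = false;
        $stmt = mysqli_prepare($cn, "insert into attends values(?, ?, ?)");
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, "sss", $username, $courseValue, $today);
            $recorded = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }

        if ($recorded) {
            echo "success";
        } else {
            echo "err1";
        }
    } else {
        echo "err2";
    }
}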